<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>输出</title>
</head>

<body>
    <div id="inTag"></div>
    <div id="inAttr"></div>
    <!-- NOTE(review): this script comes from a third-party CDN and the tag has no
         integrity/crossorigin attributes, so the browser runs whatever the CDN
         serves. Pin it with Subresource Integrity (hash computed from a vetted
         copy of the file) or self-host it. jQuery 1.12.4 is from the end-of-life
         1.x branch; consider a maintained release. -->
    <script src="https://cdn.bootcss.com/jquery/1.12.4/jquery.min.js"></script>
    <script>
        // Sample "untrusted" values used to exercise the output escaping below.
        // inTag is markup-shaped text meant for element content; the other three
        // start with a double quote and a closing angle bracket, the characters
        // that would end a double-quoted attribute and its tag if written out
        // unescaped. Only inTag and clsName are read by the visible script.
        let data = {
            inTag: '<script>alert(1);<\/script>',
            clsName: '"><script>alert(2);<\/script>',
            url: '"><script>alert(3);<\/script>',
            id: '"><script>alert(4);<\/script>',
        };
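        // Front-end output filter.
        /**
         * Escape a value for insertion into HTML element content or into a
         * quoted HTML attribute value.
         *
         * Scope: this only neutralises the five characters that can change the
         * HTML parse state (& < > " '). It does not make a value safe for other
         * contexts such as a URL scheme in href/src, inline script, CSS, or an
         * unquoted attribute; those need their own validation or encoding.
         *
         * @param {*} str Value to escape; coerced with String().
         * @returns {string} The escaped text.
         */
        function htmlEscape(str) {
            return String(str)
                // "&" must be handled first: every later replacement emits an
                // entity that itself contains "&", and escaping "&" afterwards
                // would turn "&lt;" into "&amp;lt;" (double encoding).
                .replace(/&/g, '&amp;')
                .replace(/</g, '&lt;')
                .replace(/>/g, '&gt;')
                .replace(/"/g, '&quot;')
                .replace(/'/g, '&#39;')
        }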
        {
            // Element-content context: the escaped text is handed to .html(),
            // so it is parsed as markup and must already be entity-encoded.
            const tagMarkup = htmlEscape(data.inTag)
            $('#inTag').html(tagMarkup)

            // Attribute context: the value sits inside a double-quoted href.
            // Escaping the quote and angle brackets keeps it from closing the
            // attribute or the tag. It does not restrict the URL scheme, so a
            // real href built from untrusted input also needs an allow-list of
            // schemes (for example http/https) before it is written out.
            // NOTE(review): the href is fed data.clsName while data.url is
            // unused in this script; confirm which field was intended.
            const hrefValue = htmlEscape(data.clsName)
            $('#inAttr').html('<a href="' + hrefValue + '">点我</a>')
        }
    </script>



</body>

</html>